package com.jnshu.security;

import com.jnshu.filter.CorsFilter;
import com.jnshu.security.authentication.CustomAuthenticationProvider;
import com.jnshu.security.authentication.CustomizeUserPermission;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * @author xmp
 * @date 2019/8/17 9:35
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    CustomAuthenticationProvider customAuthenticationProvider;

    @Autowired
    CustomizeUserPermission customUserDetailsService;

    @Bean
    public CorsFilter corsFilter(){
        return new CorsFilter();
    }

    /**
     * 全局用户信息
     * @param auth 认证管理
     * @throws Exception 用户认证异常信息
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider (customAuthenticationProvider);
        auth.userDetailsService (customUserDetailsService).passwordEncoder (new PasswordEncoder() {
            @Override
            public String encode(CharSequence charSequence) {
                return charSequence.toString ();
            }

            @Override
            public boolean matches(CharSequence charSequence, String s) {
                return s.equals (charSequence.toString ());
            }
        });
    }

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception{
        httpSecurity.authorizeRequests()

                //课程管理
                .antMatchers ("/a/course/**").hasAuthority ("1")
                //用户管理
                .antMatchers ("/a/user/**").hasAuthority ("2")

                //消息管理
                .antMatchers ("/a/message/**").hasAuthority ("3")

                //任务管理
                .antMatchers ("/a/task/**").hasAuthority ("4")

                //账户管理
                .antMatchers ("/a/manage/**").hasAuthority ("5")

                //模块管理
                .antMatchers ("/a/model/**").hasAuthority ("6")

                //角色管理
                .antMatchers ("/a/role/**").hasAuthority ("7")

                //修改密码
                .antMatchers ("/a/manage/password").hasAuthority ("8")

                //其他路径允许签名后访问
                .anyRequest().permitAll()
                .and()
                //设置登录页
                .formLogin().loginPage("/b/login")
                //设置登录成功的url
                .defaultSuccessUrl("/b/login/success").permitAll()
                //登录失败url
                .failureUrl("/b/login/error")
                //自定义登陆用户名和密码参数，默认为username和password
                .usernameParameter("manageName")
                .passwordParameter("password")
                .and()
                .logout().logoutUrl("/b/logout").logoutSuccessUrl("/logoutSuccess");

        //关闭CSRF
        httpSecurity.csrf().disable();
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        // 设置拦截忽略文件夹，可以对静态资源放行
        web.ignoring ().antMatchers ("/css/**", "/js/**");
    }
}
